Download PDF - Codenomicon

More documents

Recommendations

Info

CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs) Combining Internal and External Information Comprehensive situation awareness is achieved by combining threat and vulnerability intelligence from internal and external sources. Most organizations employ SIEM systems and IPS/IDS solutions, which provide valuable insight into incidents within networks. However, even serious cyber threats can be dismissed as random attacks, if the security personnel lack the global abuse situation awareness needed to examine events in coordination with other security incidents. Similarly, external abuse information requires network-specific intelligence to be applied into practice. Figure 10 depicts the iteration of abuse situation awareness from internal and external sources. The internal resources include vulnerability and threat information from internal threat monitoring and in-house fuzz tests. The external resources include general abuse feeds and industry-specific threat information. Utilizing external information sources used to be challenging, due to the lack of common information sharing standards. AbuseSA solves this problem by being format-independent. You can use AbuseSA collect and present information in any format making it easier to combine internal and external security intelligence. The AbuseSA also makes it possible to share security information within industries on a completely new level. 13 Conclusion Cyber attacks are getting more sophisticated and traditional signature-based defenses are no longer enough to secure increasingly public networks. There has been a sharp rise in Advanced Persistent Threats, highlymotivated and well-resourced groups carrying out high-impact attacks. These attacks frequently exploit zeroday vulnerabilities making them hard to detect and difficult to defend against. This paper presented two approaches to handling such threats. Firstly, fuzzing can be used to prevent zeroday attacks by getting rid of exploitable vulnerabilities proactively. Secondly, abuse situation awareness provides you with the information you need to respond to cyber attacks rapidly. The best results can be achieved by incorporating fuzzing and situation awareness best practices in to your organizations processes. Fuzzing should be a part of your software development and procurement processes. Similarly, abuse situation awareness should be a part of your network monitoring processes automating the collection of abuse and incident information from internal and external sources. Due to the complexity and vastness of critical networks, the only effective form of cyber security is proactive cyber security.
CODENOMICON WHITEPAPER - Proactive Cyber Security: Stay Ahead of Advanced Persistent Threats (APTs) References [1] <strong>Codenomicon</strong>, “How to Really Avoid Zero-Day Attacks – Build Security In, Don’t Add it”, January 2010 [2] OECD, “Malicious Software (Malware): A Security Threat to the Internet Economy”, OECD Ministerial Meeting on the Future of the Internet Economy, June 2008. [3] RSA, The Security Devision of EMC, “Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information security”, Security for Business Innovation Council Report, 2012. [4] T. Rontti, A-M. Juuso & J-M. Tirilä, “Securing Next Generation Networks by Fuzzing Protocol Implementations”, November 2011. [5] A. Takanen, “Unknown Vulnerability Management and Testing”, Fuzzing 101 Webinar, January 2011. [6] C. Wang and A. Takanen, “Fuzz your infrastructure - the blackhats are doing it, shouldn’t you”, <strong>Codenomicon</strong> and Forrester, Fuzzing 101 Webinar, April 2011. [7] A-M. Juuso & A. Takanen, “Unknown Vulnerability Management for Telecommunications, March 2011. [8] Next-Generation Marketing and Measurement, a commissioned study conducted by Forrester on behalf of Omniture, June 2009. In [6]. [9] A. Takanen, J.D. Demott & C. Miller, Fuzzing for Software Security Testing and Quality Assurance, Artech House, 2008. [10] A. Takanen, “Fuzzing: Helping to Avoid Zero-Day Attack”, February 2010. http://www.continuitycentral. com/feature0754.html visited 2011/12/09 [11] R. Kaksonen & A. Takanen, “XML Fuzzing Tool: Testing XML on Multiple Levels”, Testing Experience, December 2009 [12] M. Varpiola, “Embedded Device [fuzz] testing [against [A]PT]], Government and Defense perspective”, Amphion Forum, June 2012. [13] L. F. Cranor, “A Framework for Reasoning About the Human in the Loop”, UPSEC 2008. http://static.usenix.org/event/upsec08/ tech/full_papers/cranor/cranor.pdf visited 2012/08/15 [14] M. R. Endsley, “Designing for situation awareness in complex systems”. Proceedings of the Second intenational workshop on symbiosis of humans, artifacts and environment, Kyoto, Japan, 2001. [15] RSA Security Brief, “Breaking Down Barriers to Collaboration in the Fight Against Advanced Threats”, February 2012. [16] Verizon, “2012 Data Breach Investigations Report”, 2012. [17] J. Kenttälä, “Abuse Situation awareness, Deal with Malware, Spam, Botnets, Phishing and more”, August 2012. [18] I. Sánchez, E. Kuusela, S. Turpeinen, J. Röning & J. Riekki, “Botnet-inspired architechture for Interactive Spaces”, Conference Proceedings of the 8th International Conference on Mobile and Ubiquitous Multimedia,Cambridge, UK, 2009. [19] HP, “2011 Top Cyber Security Risks Report”, technical white paper, April 2012. [20] P. Sommer & I. Brown, “Reducing Systemic Cybersecurity Risk”, OECD Project Future Global Shocks, January 2011. [21] The Washington Post, “Understanding cyberspace is key to defending against digital attacks”, June 2012. http://www. washingtonpost.com/investigations/understanding-cyberspace-is-key-to-defending-against-digital-attacks/2012/06/02/ gJQAsIr19U_story.html visited 2012/08/15 [22] S. Kroft, “Stuxnet: Computer worm opens new era of warfare”, 60 Minutes, July 2012. [23] A-M. Juuso & A. Takanen, “Unknown Vulnerability Management”, April 2010. [24] A-M. Juuso & A. Takanen, “Building Secure Software using Fuzzing and Static Code Analysis”, August 2011. [25] Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security “Homeland Security Strategy for Critical Infrastructure Protection in the Financial Services Sector”, May 2004. [26] P. Barford & al, “Cyber SA: Situational Awareness for Cyber Defense”. [27] R. Chipman & R. Wuerfel, “Network based Information sharing Between Emergency Operations Center”, IEEE, 2008. Collaboration
Page 1 and 2: Codenomicon whitepaper: Proactive C
Page 3 and 4: CODENOMICON WHITEPAPER - Proactive
Page 13: CODENOMICON WHITEPAPER - Proactive

Download PDF - Codenomicon

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?